Connectum API Reference / @connectum/auth / SharedSecretTrustOptions

Interface: SharedSecretTrustOptions

Defined in: packages/auth/src/types.ts:457

Options for sharedSecretTrust.

DEV-ONLY: a single shared secret is NOT per-service — one compromise forges all callers. Use meshIdentityTrust or signedTokenTrust in production. See ADR-029.

Properties

header?

readonly optional header?: string

Defined in: packages/auth/src/types.ts:464

Header carrying the shared secret.

Default

"x-internal-secret"

---

roles?

readonly optional roles?: readonly string[]

Defined in: packages/auth/src/types.ts:471

Roles granted to a trusted caller.

---

scopes?

readonly optional scopes?: readonly string[]

Defined in: packages/auth/src/types.ts:473

Scopes granted to a trusted caller.

---

secret

readonly secret: string

Defined in: packages/auth/src/types.ts:459

The shared secret, constant-time compared against the header value.

---

subject?

readonly optional subject?: string

Defined in: packages/auth/src/types.ts:469

Subject identity assigned to a trusted call.

Default

"internal"

---

type?

readonly optional type?: string

Defined in: packages/auth/src/types.ts:475

Credential type set on the resulting AuthContext.

Default

"internal"